Researchers Find More Cases of Facebook App Data Exposure

Published Apr 4, 2019 at 3:58 AM

Receive the latest national-international updates in your inbox

In this February 24, 2016, file photo, the Facebook logo is displayed at the Facebook Innovation Hub in Berlin, Germany.

Security researchers have uncovered more instances of Facebook user data being publicly exposed on the internet, further underscoring its struggles as it deals with a slew of privacy and other problems.

The researchers from the firm UpGuard said in a blog post Wednesday that the data, which included user names and passwords, came from two different Facebook apps that stored their data publicly on Amazon's cloud services. Facebook said the databases have been taken down.

"I just saw that, so we're still looking into this," Zuckerberg told ABC News in an interview airing Thursday.

But the episode illustrates Facebook's issues with controlling its users' data, especially once it is in the hands of third-party developers.

Zuckerberg Shares How He Plans to Keep Facebook Free

When pressed on how to maintain a sustainable business model without charging users to use the platform, Facebook CEO Mark Zuckerberg said the solution is to run ads.

(Published Tuesday, April 10, 2018)

The databases were from a Mexico-based media company called Cultura Colectiva, which included more than 540 million records — like user comments and likes — and from an app called At the Pool. The researchers said passwords stored for At the Pool were "presumably" for the app and not for Facebook. Still, storing them publicly could put people at risk if they used the same passwords across different accounts.

While the At the Pool data collection was not as large as that for Cultura Colectiva, UpGuard said it included plain text passwords for 22,000 users. The app itself shut down in 2014, and UpGuard said it is not known how long the user details were exposed.

The discovery comes a little over a year after Facebook's Cambridge Analytica scandal, in which the data mining firm affiliated with Donald Trump got personal data on millions of Facebook users.

"As Facebook faces scrutiny over its data stewardship practices, they have made efforts to reduce third party access. But as these exposures show, the data genie cannot be put back in the bottle," UpGuard wrote in its blog post. "Data about Facebook users has been spread far beyond the bounds of what Facebook can control today."